Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key. A message encrypted with the public key can only be decrypted with the corresponding private key. The two main branches of public key cryptography are public key encryption and digital signatures. Using public key encryption, a message encrypted with a user's public key cannot be decrypted by anyone except the user possessing the corresponding private key. This is used to ensure confidentiality. Using digital signatures, a message signed with a user's private key can be verified by anyone who has access to the user's public key, thereby proving that the user signed it and that the message has not been tampered with. This may be used to ensure authenticity or prevent repudiation.
A central problem for public key cryptography is proving that a public key is authentic, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs. While public key infrastructures provide a workable solution to the problem of ensuring the authenticity of a public key, they are of considerable complexity and expense to establish and maintain. Another approach, used by PGP (“Pretty Good Privacy”), is the “web of trust” method to ensure authenticity of key pairs.